# IPSec Remote Access VPN Clients on Windows

## <mark style="color:green;">**Overview**</mark> <a href="#overview" id="overview"></a>

This configuration guide describes configuring IPsec IKEv2 Remote Access VPN by Windows Client on Windows OS to establish VPN connections. After that, the customer can access virtual machines and applications located on the HGIO Cloud with more security and reliability.

## <mark style="color:green;">**Procedure**</mark> <a href="#procedure" id="procedure"></a>

**Setup IPSec IKEv2 Remote Access VPN**\
**Setup VPN Windows Client**

{% stepper %}
{% step %}
**Step 1:** Configuration VPN Profile for Windows client.

Open **PowerShell** with **Administrator** permission.

<figure><img src="/files/kkvDqmzYsslcMcfUhMiR" alt=""><figcaption></figcaption></figure>

Copy and paste the information below into PowerShell (replace red word xxxx by your domain name).

> Add-VpnConnection -Name "HI-GIO-IKEv2-VPN" -ServerAddress " remote-xxxxx.xxxx01.vpn.higio.net " -TunnelType "Ikev2"
>
> Set-VpnConnectionIPsecConfiguration -ConnectionName "HI-GIO-IKEv2-VPN" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod GCMAES128 -IntegrityCheckMethod SHA256 -PfsGroup "PFS2048" -DHGroup "Group14" -PassThru -Force

<figure><img src="/files/xRcPZNNEnzXd9S4IrXfd" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Step 2:** Enable VPN split tunneling in the Windows client.

Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN. In contrast, other applications or devices have direct access to the internet.

Copy and paste the information below into PowerShell.&#x20;

> Set-VPNconnection -name "HI-GIO-IKEv2-VPN" -SplitTunneling $true

<figure><img src="/files/Asbh74aM8VOJCoZZxJC6" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Step 3:** Add a route to a VPN connection.

* Add a VPN connection route for the subnet (example: <mark style="color:red;">10.16.1.0/24</mark>). If we need to add an additional subnet, perform the same way and replace it with the new subnet.
* Copy and paste the information below into PowerShell.&#x20;

> Add-VpnConnectionRoute -ConnectionName "HI-GIO-IKEv2-VPN" -DestinationPrefix "<mark style="color:red;">10.16.1.0/24</mark>" -PassThru

<figure><img src="/files/7dIkGfY3VnAX30VkxYgP" alt=""><figcaption></figcaption></figure>

* Step Connect VPN from Windows Client.

<div align="left"><figure><img src="/files/3Kf7e9bo1P4VGljAQ3YL" alt=""><figcaption></figcaption></figure></div>

* Login to the account with the provided username and password, then click OK.

<div align="left"><figure><img src="/files/sjFZi1nEXxnyLwQgedQU" alt=""><figcaption></figcaption></figure></div>

* The VPN connection was established successfully.&#x20;

<div align="left"><figure><img src="/files/qNsxmaI9fKcFDWv5aCoD" alt=""><figcaption></figcaption></figure></div>

* Using the ping command line, confirm that you are connected to the application located on the HGIO Cloud.

<div align="left"><figure><img src="/files/fhPmrnIdeKw4dWyqxA2R" alt=""><figcaption></figcaption></figure></div>
{% endstep %}
{% endstepper %}

&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.higiocloud.vn/network/2.-vpn/ipsec-remote-access-vpn-clients-on-windows.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.